CVE-2022-46705: Improper Input Validation in Apple macOS

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 68.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 27
Latest update: Nov 15

Description

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (7 packages)

CVEListV5 | apple/macos | unspecified | 13.1 | +1
NVD | apple/macos | < 13.1
NVD | apple/ipados | 16.0 | 16.2 | +1
NVD | apple/safari | < 16.2
NVD | apple/tvos | < 16.2

🔴 Vulnerability Details (4)

CVEList | CVE-2022-46705: A spoofing issue existed in the handling of URLs | 2023-02-27
GHSA | GHSA-wx4m-4gqh-j3gc: A spoofing issue existed in the handling of URLs | 2023-02-27
OSV | CVE-2022-46705: A spoofing issue existed in the handling of URLs | 2023-02-27
VulnCheck | iOS, iPadOS, macOS Ventura, and Safari URL Spoofing Vulnerability | 2022

📋 Vendor Advisories (9)

Red Hat | webkitgtk: Visiting a malicious website may lead to address bar spoofing | 2023-11-15
Apple | CVE-2022-46705: iOS 16.4 and iPadOS 16.4 | 2023-03-27
Apple | CVE-2022-46705: iOS 15.7.2 and iPadOS 15.7.2 | 2022-12-13
Apple | CVE-2022-46705: Safari 16.2 | 2022-12-13
Apple | CVE-2022-46705: watchOS 9.2 | 2022-12-13

🕵️ Threat Intelligence (2)

SentinelOne | 7 Ways Threat Actors Deliver macOS Malware in the Enterprise | 2023-01-09